What is app wrapping? One way to more secure mobile apps

Lucas Mearian |
July 24, 2017

As part of a mobile application management strategy, app wrapping allows developers and administrators to apply security enforcement policies to a mobile app without changing its look or functionality.

App wrapping -- the process of applying security policies to a mobile application such as email or a custom-built business app -- can help protect corporate data without changing an app's looks or functionality.

Once the technology is in place, app wrappers enable administrators to set policies that allow employees with corporate-owned or personal mobile devices to safely download an app, typically from an internal store.

As more companies deploy an over-arching enterprise mobility management (EMM) strategy, ensuring that sensitive corporate data isn't compromised by employees' mobile apps is paramount, because apps are increasingly targeted by cybercriminals as a window into backend systems.

Today, about 44% of mid-size to large businesses have rolled out EMM software, according to a survey of 500 IT users by market researcher IDC. Of those businesses, about 60% have deployed some level of mobile application management and its app-wrapping technology subset, the survey showed.

Typically, app wrapping is performed through the use of an SDK from an app or EMM vendor that allows a developer or admin to deploy an API that enables management policies to be set up. For example, an app-wrapping API would allow an admin to control who can download a mobile app and whether corporate data accessed by that app can be copied and pasted.

App wrapping can be applied during internal development of software or after the fact to off-the-shelf software purchases simply by adding executable code via the SDK.

Most app-wrapping capabilities are available natively on EMM software from vendors such as VMware's AirWatch, Box or MobileIron. While some EMM vendors such as Apperian, claim to be able to add app wrapping to virtually any software, "typically, app developers have to expose code through an API and make it wrappable that way," said Phil Hockmuth, program director for enterprise mobility research at IDC.

The disadvantage with that approach is two-fold, according to Joseph Razavian, senior manager for technology alliances in end-user computing at VMware.

First, a vendor like Box will have to make several iterations of its application to support the various SDKs, or app-wrapping engines, in use; secondly, users can get confused as to which app they need to download -- for example, Box for VMware AirWatch or Box for MobileIron, Razavian said.

Last year, VMware joined forces with several EMM vendors to launch the AppConfig Community, an industry consortium working toward standardization.

"Our joint mission is simple: to make enterprise app configuration and security less complicated for developers by expanding the use of OS-native standards. In doing so, we're collectively accelerating mobile deployments for the enterprise," Razavian said.